MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0ba0761cb9eab07b645a00a78a51cfa26276f2ab5f9a0fcbdbb22af6722dead1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: 0ba0761cb9eab07b645a00a78a51cfa26276f2ab5f9a0fcbdbb22af6722dead1
SHA3-384 hash: b0143e1580eb35bac81d5b6a1fa7ebaf7bf9fda83e8f6a5165cf7486e9e67ea7f5a9bfa2ae9657763132a28335c039b4
SHA1 hash: 9afd64fd914397ec240de3f527563a02dae838b8
MD5 hash: 4e7a27423a4de4f8db92b7036aea2249
humanhash: happy-dakota-four-speaker
File name: Screenshoots of PI.rar
Signature: NanoCore
File size: 683'444 bytes
First seen: 2020-10-09 06:33:44 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:M9AwmTbCgzy+gM2OB6tP5TADCXR/yw1xuXn3qddB7ivEF8bfde65wV7SW:MW3hNLB2xRywjuXnadvmv3dD507SW
TLSH: 99E423451C1A60468AF9B8AFC6F8A9FCE7834BFDC74393D3DA7E18DC5209A584460637
Reporter: abuse_ch
Tags: NanoCore rar RAT


abuse_ch
Malspam distributing NanoCore:

HELO: server-solution.cf
Sending IP: 104.168.165.203
From: Magnus <magnus.magnusson@hfgplc.com>
Subject: PI 04120 SF- HFGPLC// PO 6537// Etd Nov 01
Attachment: Screenshoots of PI.rar (contains "t7Beia0TdGFsj4p.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 108
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-08 14:39:27 UTC
AV detection: 11 of 48 (22.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

rar 0ba0761cb9eab07b645a00a78a51cfa26276f2ab5f9a0fcbdbb22af6722dead1 (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
